The week-long celebration of small businesses got its start 50 years ago by order of President John F. Kennedy. It gives a nod to businesses from Main Street storefronts to companies with 1,500 employees and revenues of more than $35 million.

It’s important for businesses of all sizes to regularly check and update their approach to data security management. Here are five easy tips to improve your data security:

• Limit mobile devices. Smartphones really are just small computers that have the ability to access corporate systems like any remote laptop or connected computer terminal. But they’re a whole lot easier to lose. One way to reduce data exposure is to limit your business’s mobile phone use. If that’s not an option, treat them like computers: Pick your device carefully, require encryption and user authentication, and control available apps just like you would full-size computer programs.
• Encrypt sensitive data. Does your business handle sensitive data? Then database encryption is a must. Even if hackers get into a system, they can’t view encrypted data unless they have specific encryption keys. If your company issues notebook computers, which can easily be lost, whole drive encryption programs also are a must. It can lock out thieves, even if the computer is in their hands.
• Train your employees. Your business is only as fit at its weakest link. Require security training and testing for your employees. Drill them on the basics of secure passwords, access controls, and proper data-handling protocols.
• Follow a smart data lifecycle. It’s tempting to want to keep client and employee information forever. But with that comes a risk—a costly one. Mitigate this risk by asking only for necessary information, storing it in a secure manner and destroying it when it’s no longer needed. A smart data lifecycle—knowing what you need, how long it should live, and how to dispose of it—ensures minimal damages if a breach should occur.
• Vet vendors. Just because you’ve given your business a data security health checkup doesn’t mean your partners and third-party vendors have. Vet, vet, vet any company that has access to your systems or employee resources. Only deal with companies that take their digital waistline as seriously as you do.

According to the latest study by Javelin Strategy & Research, “almost 1 in 4 consumers that received a data breach letter became a victim of identity fraud, which is the highest rate since 2010.”

A couple of months ago, I commissioned a poll by GFK Roper to gauge awareness and concern about identity theft. To my chagrin the results were worse than I expected. Approximately 40 percent of the respondents said they believed that threats about the danger and probability of becoming a victim were little more than a marketing ploy cooked up by communications departments at identity theft service providers. Even Consumer Reports recently said that they believed the threat of identity theft was “overblown.”

While your risk of becoming ill fluctuates depending upon factors such as the strength of that season’s particular flu strain, your chances of becoming roadkill for an identity thief continue to rise. The percentage of all consumers who have become identity theft victims has increased in each of the last three years, as the crime spread to affect 12 million victims in 2012 alone, according to Javelin.

If your Social Security number is exposed in a breach, your risk multiplies. Javelin found that, “consumers who had their Social Security number compromised in a data breach were 5 times more likely to be a fraud victim than an average consumer.”

According to the Open Security Foundation, more than 267 million (yup, that’s “million”) records were exposed last year in 2,644 data breaches and at least 60 million pieces of personally identifying identification wound up in the hands of identity thieves and fraudsters. Even this astronomical number paints an unnaturally rosy picture, since the actual number of breached records is not reported in more than a quarter of all incidents.

Scammers are able to slither into our lives through more cracks and crevasses these days because they are extremely patient and grow more sophisticated by the hour. This spring, hackers cobbled together enough personal information belonging to celebrities and public figures, including First Lady Michelle Obama, Vice President Joe Biden, Jay-Z, Beyonce and Secretary of State Hillary Clinton to access a government-mandated free credit report site and export the purloined data to a Russian website where it was posted for the world to see. Last month, security researchers discovered a piece of data-stealing malware that attacks Android phones and cannot be deleted. Meanwhile, across the globe, hackers manipulated bank computer systems to create fake prepaid debit accounts, hired thugs to withdraw cash from thousands of ATM machines across more than two dozen countries, and stole more than $45 million in a matter of hours.

Just as the flu virus evolves and mutates over time, becoming more virulent as it responds to and overwhelms vaccines designed to contain and defeat it, hackers and identity thieves are able to avail themselves of quantum leaps in computer processing power used by legitimate companies to create modern Internet authentication and security systems which they then manipulate for their own nefarious purposes.

It’s no wonder then that criminals are more effective than the flu at infecting vulnerable segments of our society. However, unlike the flu, which must figure out its next move by the random mutations of natural selection, identity thieves have only to follow the maps that we ourselves create for them. As the latest data from Javelin shows, the bad guys are getting better and better at it.
How to Beat the Identity Theft Flu
If you want to avoid becoming a flu victim, there are precautions you can take. The same can be said for identity theft as long as it is tempered by the reality that you are trying to prevent (or minimize) further damage. Here then are five things you should do that will help mitigate the fallout from being on a compromised database.

This is not a test.
Take breach notices very seriously. Forty-six states and the District of Columbia have laws requiring entities that gather individuals’ personally identifiable information (PII) to inform victims when that data is breached. These notifications have proven to be surprisingly effective at predicting fraud. According to Javelin’s survey, 12% of all consumers received notice in the previous 12 months that their information had been compromised in a breach. But among actual victims of fraud, a whopping 51% had received such notifications.

God helps those who help themselves.
Many companies, government agencies and nonprofits that suffer data breaches either offer credit and/or fraud monitoring services often for a year or two after the breach takes place. Some even provide access to fraud experts to help victims resolve the issue. Credit monitoring is not the silver bullet but it can be a reasonably effective early warning tool to help detect suspicious activity. A combination of credit and public records monitoring is a more effective detection suite. If they offer monitoring and access to a fraud resolution expert, you would be irresponsible not to accept. Identity theft is not something you should face alone.

Check to see if you already have a damage control program.
Through a variety of other relationships, you may already have access to someone who can help you deal with the problem. If you discover that there’s a chance your personal information has been improperly accessed, immediately contact your insurance agent, the Human Resources Department where you work, your bank or credit union representative. It is quite possible that one of these institutions may offer such a service at minimal cost or as a free perk to customers, clients, members or employees.

Contact the credit reporting agencies.
Put a fraud alert on your file or “freeze” your credit. With an alert, you’re placing a note in your credit file requesting creditors to take extra steps before granting new credit in your name. Alerts must be renewed every 90 days, and can be extended for up to seven years. Unfortunately, many creditors don’t follow them, which may make them less effective.

The other option is a credit freeze. This makes sense if you’re relatively sure your personal information has been compromised. Unlike an alert where it’s possible to access your own credit with sufficient additional identification, a freeze blocks anyone from opening any new credit accounts, including you. The process can prove somewhat cumbersome, however if you actually need more credit—thawing and re-freezing your credit requires advance notice, and can cost between $5 and $20, depending on your situation and state.

Adopt a culture of monitoring
Pay close attention to all of your accounts. This is something you should do as a matter of course, anyway. Your credit is a portfolio. It’s an asset just like your investments and must be continuously built, nurtured, monitored and protected. You can also enroll free of charge in a variety of programs offered by banks, credit card issuers and credit unions that notify you whenever a transaction (or a transaction in excess of a designated amount) occurs in any of your accounts.

However, if your personal information has been improperly accessed, this process becomes even more critical and should not be limited to financial accounts. The ramifications of identity theft go way beyond stolen dollars and cents. It could lead to lives endangered or lost. Medical, criminal, synthetic and tax-related identity theft can land a victim on a no fly list, in jail, standing in front of IRS criminal investigators, or in the morgue. That’s why you must check your Social Security Annual Earnings Statements, health insurer’s Explanation of Benefits, Lexis Nexis CLUE reports, medical records and any other report that can be accessed.

An ounce of prevention
The quicker you detect identity theft the more ammunition you have to challenge fraudulent charges and immunize other segments of your life from contagion. It’s similar to the flu, with one grave exception. If you are a victim of identity theft, staying in bed and hiding under the covers will only make things worse.

This article originally appeared on Credit.com.

Adam Levin is chairman and co-founder of IDentity Theft 911 and Credit.com. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit.

Scott Vernick – of Center City’s Fox Rothschild law firm, who specialized in data security and intellectual property law – said the bill likely breaches the U.S. Constitution’s Fourth Amendment.

“The question is, can you get it [the cellphone] without a warrant?” Vernick said, according to the Inquirer Trenton Bureau. “I am pretty sure it is not constitutional. I think we have a right to be free from unreasonable searches and seizures.”

The bill also troubles the American Civil Liberties Union of New Jersey, CNN reported.

“Our State and Federal Constitutions generally require probable cause before authorizing a search, particularly when it comes to areas that contain highly personal information such as cellphones,” said Alexander Shalom of the ACLU-NJ, according to the source. “The legislature cannot authorize searches unless there is probable cause, therefore the bill is likely susceptible to a constitutional challenge.”

Goal of the Legislation
While some fear the bill, if approved, it would disclose Americans’ personal information, others say it will cut down on the number of accidents caused by distracted drivers. State Sen. Jim Holzapfel, who introduced the New Jersey bill, said he was encouraged to create the legislation after hearing about so many drivers, mainly teenagers, dying in car accidents caused by texting, the Inquirer reported.

The New Jersey Division of Highway Traffic Safety reported 1,840 cellphone-related crashes in 2011 – proof Holzapfel said the state needs to encourage drivers to change behaviors behind the wheel.

He also disputes the bill puts personal information at risk and that police should be able to see if a driver involved in a crash was talking or texting on their phones at the time of the collision.

“I think it is reasonable for the officer to have access,” he said. “I don’t know that you can have a privacy expectation.”

CNN reported 11 states in the nation ban talking on hand-held cellphones while driving and 41 states prohibit texting while driving. If approved, the New Jersey bill would be the first of its kind in the nation.

X-Rays Become New Target for Identity Thieves
While many may think patient medical records and hospital central data systems are most often targeted in identity theft schemes, a new trend has emerged: Stolen X-rays. Thieves are stealing hospital X-rays, which can include a patient’s personally identifiable information. Sometimes, criminals nab them solely for their silver content. Either way, these incidents should be treated as data breaches and reported to the U.S. Department of Health and Human Services, The Wall Street Journal reported.

New Regulations Look to Decrease Chance of Medical Data Breach
A recent audit of 20 healthcare providers conducted by the Office of Civil Rights found about 65 percent of deficiencies at these organizations were security-related and more than a quarter were privacy-related. Such data shows why it was necessary to enact new security rules for the Health Insurance Portability and Accountability Act (HIPAA) in March. The audit also showed there is “plenty of noncompliance” at U.S. medical facilities, Leon Rodriguez, director of the OCR, told Health Tech Zone. He added there is clearly room for improvement in data breach protection at these facilities to keep patients safe from identity theft.

Travelers: Beware of Identity Theft Risks
A recent report showed that identity thieves tend to target busy tourist areas and businesses that attract out-of-towners. The 2013 Trustware Global Security Report said retail stores, bars and restaurants, and hotels in tourist towns are the targets for 78 percent of all data breaches, mainly because so many consumers use credit and debit cards at these places. However, another problem contributing to the high number of data breaches at these businesses is that the companies fail to make data security a top priority.

Seniors, Too, Are Likely Targets
Seniors more likely to be the victims of identity theft than younger consumers, Federal Trade Commission data released this week showed. Nineteen percent of the 52,610 complaints filed with the FTC in 2012 about identity theft came from consumers 60 and older. In 2010, just 13 percent were from seniors. High credit scores and a disposable income are some of the factors of senior identity theft. Many thieves are filing false tax returns, using seniors’ Social Security numbers, too.

Matt Cullina is chief executive officer of IDentity Theft 911.

Americans were taken aback recently when it was announced that the National Security Agency had obtained years of electronic data from calls made by cell phone customers. The person allegedly behind the leak has been identified as 29-year-old Edward Snowden—an employee of defense contractor Booz Allen Hamilton.

Snowden, called “one of America’s most consequential whistle-blowers” by The Guardian, is allegedly responsible for handing over material from the NSA to show what personal information the U.S. government has been obtaining.

Booz Allen said it was “shocked” by its employee’s data breach, The Wall Street Journal reported. The breach could have serious implications for the company, which earns nearly all its revenue from government work.

While the news of the breach shocked the nation, it also highlighted the importance of data privacy and security. This is an issue that is becoming increasingly important for businesses across America, especially those that employ the help of third-party vendors.

Third-Party Security Risks and How to Avoid Them

The NSA case illustrates the risk and danger of insider threats when one individual who has been given the mantle of trust goes “off the wire.” This is very similar to the case of the Bradley Manning case, a young military intelligence private who leaked sensitive and confidential data to WikiLeaks. Both Snowden and Manning claim altruistic motives for violating trust and endangering national security. Breaches of this nature, committed by vetted and trusted individuals, are among the most difficult to control. In the Snowden case, much is being made of him as a civilian contractor or third-party vendor. But the larger issue with both Snowden and Manning is that they’re both insiders. Insider access to data is a threat scenario that needs to be carefully considered and controlled.

Beyond deliberate acts, there is another insidious threat to the security of sensitive data—nonintentional compromise or disclosure by simple errors, mistakes and/or negligence. Our experience demonstrates that a number of companies go to great lengths to protect their data within the confines of their organization but fail to adequately vet, manage and continuously audit outside companies to whom they trust and extend sensitive data.  A high number of data breaches are due to mistakes by third-party vendors, proving why it’s important for companies to take action to prevent such an event damaging their reputation.

A Ponemon Institute study released last year showed that third-party vendors account for about 19 percent of data breaches a year – more than cyberattacks (7 percent) and failure to shred confidential documents (6 percent).

Third-party data breaches can be costly (nearly $1.05 million), according to the study. To avoid having to pay for these costs, and for taking responsibility for the event, companies that employ third-party vendors must create clear security policies regarding liability for data breaches—putting the third-party vendor at fault in such an event.

Other Smart Steps to Lower Data Breach Risk
A business that entrusts data to an outsider company still maintains responsibility for the protection of that data if it is lost, stolen or compromised. While covering your tracks when conducting business with a third-party vendor is a good idea, there are also some internal steps a company can take to protect itself from a data breach.

Strategically, there are three fundamental risk mitigation areas that must be addressed when engaging third-party contractors:

• Contract requirements
• Insurance
• Initial due diligence, audit and governance.

It is critical to put in place appropriate contract language that clearly:

• Provides protection and control requirements for entrusted data.
• Requires immediate notification and investigative access in the event of a known or suspected compromise
• Discusses liability for expenses attendant to the breach
• Requires adequate insurance to be put in place by the vendor that covers the various threats to the entrusted data.
• Second, beyond the vendor’s insurance coverage, the business that owns the data needs appropriate insurance coverage for its internal needs as well as an understanding of coverage—if any—should a contractor or third party lose the entrusted data.

Third, the company needs to do appropriate initial and ongoing due diligence to insure the vendor being entrusted with the data has appropriate mechanisms in place to protect the data; responds if necessary to a security event; and has the financial and operational wherewithal to withstand the consequences of an event.

Tactically, there are a number of things that the company and the third-party vendor can do to mitigate risk. Some of the lower hanging fruit that can represent major pain points are relatively easy to implement.

For instance, limiting the number of mobile devices at the firm and enacting a centralized mobile device management program that includes things like the enforcement of strong password protection, content encryption and remote disablement/content wiping will decrease the chances that sensitive company information is lost. Mobile devices are smaller than company laptops or computers, but can contain just as much data. Smartphones are easier to lose, however, meaning that data could end up in the wrong hands.

Encrypting sensitive data is recognized as a smart idea to protect mobile phones, laptops and other portable storage devices like flashdrives. In fact, encrypting all company information, not just that on smartphones, is a wise choice. If the information is encrypted, it will be difficult, if not impossible, for hackers who access a company’s system to make sense of it. In most cases and state jurisdictions, encryption is the difference between a major breach requiring regulatory reporting, notification of the impacted population and significant attendant expense or simply the loss of a physical device with no informational value.

Brian McGinley is chief executive officer of IDT911 Consulting.

These spam offers try to encourage consumers to make purchases by offering special discounts or hot products. However, the link to these supposed offers takes buyers to a page asking for personal information—info that is then used to steal someone’s identity.

Symantec has identified some email messages this year sent to consumers that are bogus offers. These emails are from:

• “Personalized Father’s Day Gifts”
• Quick Father Gifts
• Cigars for Dad
• Fathers Day Cigars

Subject lines of these phony gift offer emails include:

• 15 Cigars for 29.95 (68% off Fathers Day sale!)
• The perfect gift for Fathers day only costs 32% of the original price!
• Regarding Father’s Day orders
• Personalized Gifts for All The Dads In Your Life
• Top Personalized Fathers Day Gifts
• Get relief from chronic spine conditions. Father’s Day Discount Available

Remember Dad’s Advice

Your dad has offered countless words of wisdom throughout your life—many of which can be used to protect against online identity theft. Did your father ever warn you not to speed as a teenager? “That’ll go on your permanent record,” he may have said to remind you to be cautious in your car and avoid a speeding ticket. The Federal Trade Commission says that was good advice.

Every American has a permanent record, which includes personal information such as a credit report. This report will likely be checked by future employers and landlords to see if you pay bills on time, which is why you will want to ensure this report is accurate. Consumers are entitled to a free credit report every year by using AnnualCreditReport.com. However, the FTC warns consumers to be cautious of lookalike sites that end up charging consumers in the end for the report.

“You’re going out looking like that?” may have been another phrase heard often during your teen years. While it may have resulted in an eye roll, this warning from Dad can also be applied to identity protection, according to the FTC.

“Dad’s right that how you present yourself in public—including on social networking sites—can affect your future,” the FTC post stated.

The agency suggests keeping sensitive personal information off social media websites, such as Facebook and Twitter. Once that information is online, it can’t be taken back.

Raul Vargas is a fraud operations manager at IDentity Theft 911.

Government and healthcare organizations garnered a lot of attention this week—and not for good reason. A number of federal agencies, medical facilities and healthcare companies experienced cyberattacks and data breaches, putting at risk the personally identifiable information of consumers and patients. Here’s a roundup of identity theft and data security news.

Chinese Military Groups Hack Into VA Networks
The Veteran Affairs Department suffered a blow this week when a former security chief said Chinese military groups had hacked into its computer networks. At least eight foreign-sponsored organizations connected to the Chinese military compromised the networks, according to Jerry Davis’s testimony before a House subcommittee. According to The Washington Post, the former VA computer security chief said he became aware of the attacks in March 2010 and that they continue to this day.

Americans Express Concern Over Security of Personal Information
Consumers are worried about how data breaches at large organizations may put their personal information at risk. A recent Unisys Security Index showed that 82 percent of Americans surveyed feared that their information could be hacked or leaked to the public. Survey participants are mainly concerned about banks: Roughly 67 percent of respondents said they were anxious about data security at financial institutions. Nearly 62 percent said they were concerned about breaches at federal, state and local public sector agencies, Info Security reported. Other industries that cause apprehension: Healthcare organizations, telecommunications and Internet service providers.

Patient Privacy Breached
When medical records and patient personal information is exposed, Americans may face severe consequences, Bloomberg reported this week. Embarrassment may be the first consequence that comes to mind, but when medical histories and other sensitive data is either hacked into by identity thieves or released to the public due to a clerical or technical error, patients can also lose out on potential jobs and end up paying more for medical insurance, the source said. It doesn’t take much personal information about a patient to put the pieces of the puzzle together, either. Even if it is just a patient’s ZIP code and dates of when they sought medical attention are released, people can use that information to find out when they may have been in a hospital, and from there, find their medical history, Bloomberg reported.

Medical Facility Leaks Personal Information
The University of Massachusetts Center for Language, Speech and Hearing had to recently inform approximately 1,600 of its patients that their personal information may have been compromised. The medical facility suffered a data breach, Health IT Security reported this week. A malware program infected a workstation that stored patients’ Social Security numbers, addresses, health insurance companies and their primary doctors.

Matt Cullina is chief executive officer at IDentity Theft 911.

Health records contain highly personal information, which is why healthcare organizations must ensure they have a data breach response solution in place to keep medical records secure.

However, a number of organizations suffer data breaches. Some recent cases include Buffalo, N.Y.-based Dent Neurologic Institute, which experienced a technical error that accidentally sent personal information of 10,000 patients to about 200 people, according to Becker’s Hospital Review.

The source listed eight other healthcare facilities that experienced recent data breaches, including Raleigh Orthopaedic Clinic in North Carolina and Glenn Falls Hospital in New York. The orthopaedic clinic notified 17,300 patients that their personal information may have been compromised, and Glenn Falls Hospital faced a lawsuit after names and medical records of 2,360 patients were accidentally released.

Severe Consequences
Patients who fall victim of data breaches at healthcare organizations face dire consequences. For instance, when personal health information becomes public, people can lose out on job opportunities, pay more for medical insurance and have more difficulty in custody battles, Bloomberg recently reported. On top of those consequences, patients can also suffer personal embarrassment.

However, some states are selling public information that could be linked to a person’s medical conditions, the source said. Washington is among at least 25 states across the country that releases some combination of patient identifying markers, like a patient’s age, ZIP code and dates of when they were admitted to and released from medical facilities. This increases the likelihood that medical information may be compromised. As medical records become digitized, the risk of hacking and data breaches also heightens.

“All I have to know is a little bit about a person and when they went to a hospital, and I can find their medical record in this kind of data,” Latanya Sweeny, director of Harvard University’s Data Privacy Lab, told Bloomberg. “The real takeaway is we can do better than this.”

Why Aren’t Healthcare Organizations Doing Better Job?
Healthcare organizations can encrypt patient data to make it more difficult to interpret in the case of a data breach. However, many organizations believe the cost of encrypting data is high, and many are taking their chances instead of investing in data breach protection solutions, Health IT Security reported.

Yet, the cost to the patient who is a victim of such breach is also high. A Javelin Strategy & Research report showed that 122,000 victims of a cyber data breach at the Utah Medicaid and Child Health Insurance Program have to pay about $770 and take 20 hours to resolve their individual fraud cases. The cost alone could turn a customer against a healthcare organization or medical insurance company. These instances also lead to patients losing trust in their medical provider.

About 8.6 million households in the United States have experienced the devastating effects of identity theft in the last 10 years, according to the Bureau of Justice Statistics.

More worrying data was recently reported. This year, it is expected that $21 billion will be stolen as a result of identity theft, according to a study by Javelin Strategy & Research. And, the Committee on Ways and Means said it will cost between $500 and $1,200 and take 30 to 60 hours for a victim to resolve identity theft.

As the problem becomes more and more widespread throughout the nation, it’s important for Americans to take the necessary precautions to protect themselves from the crime. A recent Deseret News article offered some useful tips in order to help consumers protect against identity theft.

How Does it Happen?
First, it is helpful to understand the many ways in which identity theft can occur. Identity thieves can obtain personal information on consumers through someone’s trash, stolen mail, by searching public information or even just searching the Internet. However, these criminals are becoming more creative with how they steal a consumer’s information. One such example is criminals creating online scams, luring consumers to websites where their confidential information is obtained, the Deseret News article stated.

Take Extra Precaution
Keeping a close eye on personal information, bank accounts, purchases and credit history are just some of the ways to prevent identity theft. Always request a receipt when making a purchase, the source said, and inspect bank statements to see if there are any charges that were not authorized. Identity thieves steal money from Americans’ bank accounts by using a fake ID or skimming a credit card at a gas station.

Once you have inspected all financial documents, shred them instead of simply throwing them in the trash. Another tip the source suggested was avoid giving out personal information over a phone call. Using complex online passwords to personal accounts, change bank card personal identification numbers often and secure all sensitive information and documents are more identity theft tips, according to Deseret News.

What to do When You Have Fallen Victim to Identity Theft?
If someone has obtained your personal information, immediately close bank or credit card accounts that may have been compromised, the source said. Filing a local police report is also a smart idea. Another step is placing a 90-day fraud alert with a credit reporting agency to help keep your credit score from taking a blow.

Identity theft is one of the fastest-growing crimes in the country, and many Americans likely know someone who has fallen victim to it, Greenville, N.C., CBS affiliate WNCT reported. Identity theft is now the most popular consumer complaint filed with the Federal Trade Commission, according to the source, proving how important for Americans to take the proper precautions to prevent becoming a victim.